In this article, I show you how to run a message trace in Microsoft 365 Exchange Online.
A message trace helps you track and troubleshoot emails that flow through your organizations email system. It helps determine if a message was delivered, failed, sent to quarantine, blocked due to spam and so on. A typical use case for a message trace is when a user says they should have received an email but never did. By using a message trace, you can help determine why a message never made it to a user’s mailbox.
Message Trace Step by Step
In this example, a user has reported that they should have received an email from a specific sender but it’s not in their inbox. As an administrator you can use the message trace to see where the email is getting stuck.
Note: Message trace time range is limited to 90 days. If you want to search emails older than 90 days you need to implement archiving or retention policies.
Step 1: Log into Microsoft 365 Admin Center
Step 2: On the left side under Admin Centers select “Exchange”
Step 3: On the left side select Mail Flow > Message Trace.
Step 4: Select “Start a trace”.
Step 5: Enter your search criteria. To help limit the number of emails returned you may want to include a start and end date, subject, or recipients.
- Tip #1: Senders and recipients support wildcards (for example, *@entralyzer.com).
- Tip #2: Date range of 10 days or less, the results are available instantly as a summary report.
- Tip #3: Date range of greater than 10 days the results are available only as a downloadable CSV file.
When you have entered your search criteria click the “Search” button.
From here you can see a list of traced messages from the sender, including the recipient, subject, and status of the message.
If your date range was more than 10 days you will need to click on “Downloadable reports”. These can take some time to complete so the status could say “in progress” when you first check it.
Delivery status:
Here is an overview of the delivery status values:
- Delivered: The message was successfully delivered the recipient’s mailbox.
- Expanded: The message was sent to a distribution and expanded into individual recipients.
- Failed: Failed to deliver the message. There should be an error code explaining why it failed to deliver.
- Pending: The message is still being processed, it is still being attempted or reattempted.
- Quarantined: The message went to quarantine due to spam, malware, phishing or other reasons.
- Filtered as spam: The message was detected as spam and rejected, blocked or sent to quarantine.
- Getting status: The message was recently received by Microsoft 365, but no other status data is yet available. You can check again within a few minutes.
Click on one of the emails to get more details.
If you select the email, this page will pop up displaying more information. You can see in the screenshot below this message was not yet delivered because it went to quarantine.
I hope you found this article useful. Message traces in Exchange online are very easy to run and help you troubleshoot mail flow in your organization.